CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53172 – ubi: fastmap: Fix duplicate slab cache names while attaching
https://notcve.org/view.php?id=CVE-2024-53172
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already ex... • https://git.kernel.org/stable/c/d2158f69a7d469c21c37f7028c18aa8c54707de3 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53168 – sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
https://notcve.org/view.php?id=CVE-2024-53168
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53165 – sh: intc: Fix use-after-free bug in register_intc_controller()
https://notcve.org/view.php?id=CVE-2024-53165
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded. In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d ... • https://git.kernel.org/stable/c/2dcec7a988a1895540460a0bf5603bab63d5a3ed •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49034 – sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-49034
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0... • https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53164 – net: sched: fix ordering of qlen adjustment
https://notcve.org/view.php?id=CVE-2024-53164
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a c... • https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53158 – soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
https://notcve.org/view.php?id=CVE-2024-53158
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflo... • https://git.kernel.org/stable/c/eddac5af06546d2e7a0730e3dc02dde3dc91098a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53157 – firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
https://notcve.org/view.php?id=CVE-2024-53157
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 ... • https://git.kernel.org/stable/c/8cb7cf56c9fe5412de238465b27ef35b4d2801aa •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53156 – wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
https://notcve.org/view.php?id=CVE-2024-53156
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_fir... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53155 – ocfs2: fix uninitialized value in ocfs2_file_read_iter()
https://notcve.org/view.php?id=CVE-2024-53155
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: ... • https://git.kernel.org/stable/c/7cdfc3a1c3971c9125c317cb8c2525745851798e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is ... • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd •